Episode #


CISO Stephen Fridakis Talks About Governance, Risk, and Compliance

Show Notes

In this episode, David Monnier is joined by Stephen Fridakis, Deputy Chief Information Security Officer at Verily, an Alphabet Company focused on delivering precision health. As a deputy CISO, Stephen concentrates on governance, risk, and compliance.

Topics discussed:

  • Stephen became a CISO in 2006. He describes how he has seen this role evolve from being focused on technology to being risk-centric.

  • Stephen highlights some misalignments between what security operations aim to do and a company's business strategy.

  • Accurately assessing an organization's asset inventory can be a challenge. Stephen discusses some difficulties associated with assessing risk without an accurate IT inventory.

  • David and Stephen explore why equating compliance and security is often a mistake businesses make.

  • Stephen explains his views on cyber risk management and how to measure a risk management program's effectiveness.

  • Zero Trust is a popular security model. Stephen explains what that means to him and how he implements it.
